browser exploit packs â exploitation tactics - SecNiche Security Labs

More documents

Recommendations

Info

BROWSER EXPLOIT PACKS – EXPLOITATION TACTICS SOOD & ENBODY Figure 5: Shellcode functionality model. Moreover, BEPs are designed in a sophisticated manner using appropriate encoding mechanisms. Malware is one of the biggest problems nowadays. It is becoming really hard to restrict and conquer it. In spite of the efficient protection technologies to restrain malware, it is spreading its tentacles and becoming more advanced day by day. BEPs are one of the robust and sophisticated mechanisms used to spread infection by bringing together a lot of malware-specific techniques, thereby beating the protection shields. Analysis of BEPs and an understanding of their features can help us develop our analysis patterns based on which new protection mechanisms can be developed. We believe that the World Wide Web will encounter more sophisticated versions of BEPs in the near future. This is because botnets are impacting the online world at a rapid pace and BEPs are supporting them in their initial execution phases. Our future work will be focused on detecting and analysing other types of BEPs so that techniques can be enumerated directly from the malware analyses. We are in the process of collecting other BEP samples so that a relational analysis can be performed in order to derive chronology for various developments taking place in BEP history. REFERENCES [1] Symantec Security Report – Cyber Attack Toolkits. http://www.symantec.com/about/news/release/ article.jsp?prid=20110117_04. [2] Krebs, B. Java – A Gift to Exploit Pack Makers. http://krebsonsecurity.com/2010/10/java-a-gift-toexploit-pack-makers/. [3] ZScaler Security Research. Blackhole Exploits kit Attack Growing. http://research.zscaler.com/2011/02/ blackhole-exploits-kit-attack-growing.html. [4] Provos, N.; McNamee, D.; Mavrommatis, P.; Wang, K.; Modadugu, N. The Ghost in the Browser: Analysis of Web-based Malware. Usenix Hotbots Workshop 2007. [5] Polychronakis, M.; Mavrommatis, P.; Wang, K.; Provos, N. Ghost Turns Zombie: Exploring the Life Cycle of Web-based Malware.Usenix LEET Workshop 2008. [6] Bayer, U.; Habibi, I.; Balzarotti, D.; Kirda, E.; Kruegel, C. A View on Current Malware Behaviors. Usenix LEET Workshop 2009. [7] Kanich, C.; Levchenko, K.; Enright, B.; Voelker, G. M.; Savage, S. The Heisenbot Uncertainty Problem: Challenges in Separating Bots from Chaff. Usenix LEET Workshop 2008. [8] Malware Domain List. http://www.malwaredomainlist.com/mdl.php. [9] Clean MX realtime database. http://support.clean-mx.de/clean-mx/viruses.php. [10] PHP ionCube Encoder. http://www.ioncube.com/ online_encoder.php. [11] ZeroDay Initiative (ZDI). Sun Java Runtime Environment Trusted Methods Chaining Remote Code Execution Vulnerability. http://www.zerodayinitiative.com/advisories/ZDI-10- 056/. 8 VIRUS BULLETIN CONFERENCE OCTOBER 2011
BROWSER EXPLOIT PACKS – EXPLOITATION TACTICS SOOD & ENBODY [12] ZeroDay Initiative (ZDI). Sun Java Runtime Environment MixerSequencer Invalid Array Index Remote Code Execution Vulnerability. http://www.zerodayinitiative.com/advisories/ZDI-10- 060/. [13] Malware at Stake. Java OBE + BlackHole – Dead Man Rising. http://secniche.blogspot.com/2011/02/ java-obe-tookit-exploits-blackhole-dead.html. [14] Felegyhazi, M.; Kreibich, C. On the Potential of Proactive Domain Blacklisting. Usenix LEET Workshop 2010. [15] MaxMind. http://www.maxmind.com/app/php. [16] RFC 2616. http://www.w3.org/Protocols/rfc2616/ rfc2616.html. [17] Park, B.; Hong, S.; Oh, J.; Lee, H. Defending against Spying with Browser Helper Objects. http://ccs.korea.ac.kr/papers/tech05_01.pdf. (Technical Report) 2005. [18] Polychronakis, M.; Anagnostakis, K.G.; Markatos, E.P. An Empirical Study of Real-world Polymorphic Code Injection Attacks. Usenix LEET Workshop 2009. VIRUS BULLETIN CONFERENCE OCTOBER 2011 9
Page 1 and 2: BROWSER EXPLOIT PACKS - EXPLOITATIO
Page 7: BROWSER EXPLOIT PACKS - EXPLOITATIO

browser exploit packs â exploitation tactics - SecNiche Security Labs

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?

browser exploit packs â exploitation tactics - SecNiche Security Labs